Lucene search

K
rosalinux
ROSA LABROSA-SA-2021-1989
HistoryJul 02, 2021 - 6:17 p.m.

Advisory ROSA-SA-2021-1989

2021-07-0218:17:58
ROSA LAB
abf.rosalinux.ru
5

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

21.7%

Software: trousers 0.3.14
OS: Cobalt 7.9

CVE-ID: CVE-2020-24330
CVE-Crit: HIGH
CVE-DESC: A problem was discovered in TrouSerS before 0.3.14. If the tcsd daemon is running with root privileges and not the tss user, it will not be able to reset the root gid privilege when it is no longer needed.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-24331
CVE-Crit: HIGH
CVE-DESC: a problem was found in TrouSerS before version 0.3.14. If the tcsd daemon is running with superuser privileges, the user tss still has read and write permissions to the /etc/tcsd.conf file (which contains various settings related to this daemon).
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-24332
CVE-Crit: MEDIUM
CVE-DESC: An issue was discovered in TrouSerS before version 0.3.14. If the tcsd daemon is run as root, the creation of the system.data file is vulnerable to symbolic link attacks. The tss user can be used to create or corrupt existing files, which can lead to a DoS attack.
CVE-STATUS: default
CVE-REV: Default

OSVersionArchitecturePackageVersionFilename
Cobaltanynoarchtrousers< 0.3.14UNKNOWN
How to protect your server from attacks?

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

21.7%

Related for ROSA-SA-2021-1989